SANS 2013

Lenny Zeltser

Aptly called the "Yoda" of malware analysis by his students, Lenny Zeltser keeps his eye on the big picture and focuses on the sum of events rather than individual occurrences. He lives by that philosophy and brings it to his job and classroom. "Even those professional moments that seem insignificant by themselves can be an important piece of the progressive journey that, hopefully, takes us toward our career objectives and honors our ideals," says Lenny. "And you may not even see the value in those moments until you look back on the path."

A seasoned business and technology leader with extensive information security expertise, Lenny started his professional journey in a variety of technical infosec roles before serving as the national lead of the U.S. security consulting practice at a major cloud services provider. Later in his career he oversaw a portfolio of security services at a Fortune 500 technology company. Today, as VP of Products at Minerva Labs, Lenny designs and builds designs creative anti-malware products. Lenny is also a senior instructor at SANS and the primary author of FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques, a course he designed as an on-ramp into the malware analysis field. The course helps students expand and systematize their approaches to examining malicious software using a variety of techniques.

"My goal is to make this topic as accessible to people as possible," says Lenny. "There is indeed much one needs to know to understand the inner workings of malicious code, but the good news is that people can begin learning how to do this work by building on the technical skills they already have, whether they are grounded in system administration, network security, software development or other aspects of IT."

Like many of his students, Lenny's career path began in an IT role, which lends unique strengths to his information security expertise.

"My first job in IT was Unix system administration, then I moved onto Windows sysadmin, and then I spent a bit of time on software development," Lenny explains. "I found myself gravitating toward the information security aspects of these jobs. For me, Infosec exists at the intersection of many disciplines, and working in this field allows me to make use of the skills and interests I've acquired across various aspects of IT."

Along the way, Lenny earned the prestigious GIAC Security Expert professional designation, and he currently serves on the Board of Directors of SANS Technology Institute. Lenny holds a bachelor's degree in computer science from the University of Pennsylvania and a master's in business administration from MIT Sloan.

A co-author of four books on malware, network security, and digital forensics, Lenny also developed the Linux toolkit REMnux to make it easier to use a variety of freely available malware analysis tools, many of which run well on Linux but can be difficult to find and install. REMnux has grown to become a very popular toolkit and today is used by malware analysts throughout the world. The FOR610 course that Lenny teaches covers many of the tools installed on REMnux.

Lenny gives his students more than technical tools, however, and he says that the most important lesson he teaches his students is: "You can do it."

"It's easy to get discouraged when you run into professional challenges that you're not equipped to handle," Lenny explains. "But when you participate in SANS training, you encounter many new tools and concepts that you will be able to attach to the techniques you already know from prior experience in the field. Much of what you learn will occur after you finish the course and begin applying the concepts to your work outside the classroom. I strive to give students the confidence and the core skills they need to keep learning about and curtailing malware threats even after the class ends."

In his free time, Lenny indulges his love of food both as chef and consumer. "Eating a delicious meal in good company is always time well spent for me," he says. Lenny also loves to cook as a way to clear his mind, disconnect from the day-to-day challenges of business and IT, and connect with family and friends. Lenny subscribes to several food and cooking magazines and enjoys experimenting with new recipes, ingredients, and spices. "Not everything I cook turns into a great dish- sometimes experiments lead towards unfavorable results- so I keep reminding myself to think about this process as a journey, not as a destination."

This is what student are saying about Senior Instructor Lenny Zeltser:

"Lenny presented a wealth of knowledge, tied it together smoothly, and I am leaving with exponentially more knowledge." - David Werden, NGIS

"Last week, myself and three of my associates attended SANS GREM training. Based on previous recommendations by prior students, we explicitly attended this session given Lenny was the instructor. As someone who has been responsible for development and delivery of training and education services, Lenny is the best instructor I have ever encountered in my professional life. His approachable demeanor, passion for the learning process, and empathy for his students was just as impressive as his mastery of the curriculum. This praise was unanimous among my three associates." - Colin Sheppard, Vice President of Cyber Security & Fraud, International at First Data Corporation

"Lenny is one of the reasons why it's fun to be in the information security community. His extraordinary intellect and talent for research and innovation is matched by his communication and teaching skills. He's a fantastic writer and a wonderful instructor who has mastered the ability to teach complex concepts in a very approachable manner. Lenny is also one of the nicest people you'll ever run into in our field or any other." - Eric Huber, Cyber Fraud Subject-Matter Expert

"Lenny Zeltser is another one of those people you read about in magazines and think "Man, I wish I was that guy." A true leader in information security and a great guy all around. Lenny once actually paid me a compliment when I was teaching for SANS, along the lines of being inspired at the time by me being one the folks who happily stood up to teach in front of large crowds (we were both new to the game at the time). I found this humorous since I felt only awe at his own amount of knowledge. I still have the copy of Network Perimeter Security, which he personally sent me to get my opinion of it. I recall that I didn't end up providing my feedback since I felt beneath the ability to comment on it at the time!" - Ed Luck, Principal Consultant, Solutions at Dimension Data

"I was part of the group that attended and reviewed Lenny's try-out session as a SANS instructor, and was blown away by the energy, expertise, and focus he displayed. Where others have at times failed to properly handle interruptions, especially from people who were trying to lead them astray and/or force them to stumble, Lenny remained focused, put the interrupter nicely but firmly in his place, and postponed further discussion to the Q&A session at the end of the class. When audience members asked targeted questions, inquiring about their understanding of recent developments in information security, he was able to elaborate on each of the topics and help them improve their grasp on various hot topics. Lenny displays lots of dedication, is very intelligent, has a solid grasp of information security, and is capable of explaining complicated technical concepts in easily understandable terms." - Roland Grefer, Principal, Global Support Services Group